General

  • Target

    47D5914F687278CF73A9D48779716E87.exe

  • Size

    358KB

  • Sample

    231204-zj9tyaff89

  • MD5

    47d5914f687278cf73a9d48779716e87

  • SHA1

    107213253be6d4dae494528c6cd25daa2b9ace9b

  • SHA256

    754f250eb41af8423f743c14b1a77088c50c1446b5ab5032c411aa018fd53df5

  • SHA512

    808c8289404ce7d77ac4b719d723829b8f511c12517b8db432e886d10953f5c27ff4e4c47cbdeac2f6f6f4256137d9134274910a0b936259eae7d715d760e55b

  • SSDEEP

    6144:NoM6jhF9Bx5kfN4f9/w/KxluW30ROUx+7sATubFrrd:8hPPQGNw/KxUW30UUx+7sATuJr

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

abdoooo3.ddns.net:5552

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • T1547: Boot or Logon Autostart Execution (1)

  • T1547.001: Registry Run Keys / Startup Folder (1)

Privilege Escalation

  • T1547: Boot or Logon Autostart Execution (1)

  • T1547.001: Registry Run Keys / Startup Folder (1)

Defense Evasion

  • T1112: Modify Registry (1)

Tasks